Due to innovations in network computing technologies and applications, many companies, businesses and organizations currently provide e-business services on global communication networks such as the World Wide Web (WWW) and the Internet. Such services are typically provided through an entity's Web site.
To effectively transact e-business over a communications network, it is critically important to develop systems and methods that enable an organization's Web site to be secure and continually functioning without interruptions. It is very difficult to maintain a secure Web site on a continuous basis, however, when the Web site is continuously subjected to a large number of network attacks. Indeed, most organizations either do not have the necessary IT expertise to maintain secure Web sites and protect against attacks, or they cannot provide security in a cost-effective manner. As a result, many organizations have outsourced their IT services, including the management of secure Web sites, to an IT service provider such as IBM Global Services.
A service provider typically provides computing services by hosting a large number of customer Web sites or applications in a relatively small number of data centers. In order to satisfy the needs of each individual customer, a service provider usually signs various service level agreements (SLAs) with individual customers. In general, an SLA is a monetary, legal contract that specifies the minimum expectations and obligations that exist between a service provider and the customer. Such SLAs can include, for example, requirements for quality of service (QoS) and security.
It can be a challenge to enforce individualized security SLAs in a hosted environment in which a large number of Web sites and applications are managed. Indeed, the number of individualized security SLAs can be large because individual clients have different security demands, and enforcing such demands can be difficult depending on the security system used. In addition, the rates and types of security attacks can be exceedingly large in a hosted environment. For example, a large number of virus attacks, security scans, denial-of-service attacks and buffer overflows can occur simultaneously. Moreover, attacks may occur anywhere and at any time. Sophisticated data consolidation and event correlation are usually needed to understand the nature of attacks.
Therefore, there is a need for efficient systems and methods to enforce security SLAs, especially in a hosted environment where a large number of customer Web sites are managed.